Professional Documents
Culture Documents
Security
Block Ciphers and DES, and
modes of operation
M. Sakalli
Reviewed, from Stallings
Goals
• To introduce the notion of block ciphers,
ideal block cipher and its infeasibility, the
Feistel Cipher Structure.
• DES: its strength and weakness.
2
Stream vs. Block Ciphers
• Symmetric cipher: same key used for
encryption and decryption
– Block cipher: encrypts a block of plaintext at a
time (typically 64 or 128 bits), cryptographic
checksum to ensure content not changed..
Hardware friendly.
– Stream cipher: encrypts data one bit or one
byte at a time, all classical ciphers 3
Claude Shannon and Substitution-
Permutation Ciphers
• in 1949 Claude Shannon introduced idea
of substitution-permutation (S-P) networks
• Modern substitution-transposition product
cipher based on these two primitive
operations:
– substitution (S-box), provide confusion to
dissipate statistical structure of PT over the
bulk of CT
– permutation (P-box), provide diffusion make
the relationship between CT and key as
complex as possible
Ideal Block Cipher
• A block of N PT bits
replaced wt a block of N CT
bits. (N = 64 or 128.), a
block cipher is a mono-
alphabetic cipher, and each
block represents a gigantic
“character.” Each particular
cipher is a one-to-one
mapping from the PT
alphabet to the CT alphabet.
• 2N! such mappings, and
block cipher would allow the
use of any such mapping
and the secret key indicates
which mapping to use.
5
Key Size of Ideal Block Cipher
• Since there are 2N! different mappings, there are 2N!
different keys. the required key length will be log 2(2N!) ≈
N × 2N ≈ 1021 bits ≈ 1011 GB.
• That is infeasible!
• Modern block ciphers use a key of K bits to specify a
random subset of 2K mappings.
• If N ≈ K,
– 2K is much smaller than 2N!
– But is still very large
• If the selection of the 2K mappings is random, a good
approximation of the ideal block cipher is possible.
• Horst Feistel, in1970s, proposed a method to achieve
this.
6
The Feistel Cipher Structure
7
Li-1 Ri-1
2w bits partitioned
into halves; Ki
F
• L & R each 32 bits
• Li = Ri–1
• Ri = Li–1 F(Ri–1, Ki)
DES: The Data Encryption Standard
• Adopted by NIST in 1977. Most widely used
block cipher in the world.
• Features: Based on the Feistel cipher, block
size = 64 bits, key size 56 bits, number of
rounds =16
• Specifics: Subkey generation, and the
design of the round function F.
• Speed: fast software en/decryption & ease
of analysis
– Any further increase in key or/and block size and
the # of rounds improves the security, but slows
the cipher. 10
• 16 round keys are
generated from the
main key by a
sequence of
permutations.
• Each round key is
results in 48 bits.
• Initial Permutation: IP,
reorders the input data bits.
The last step is inverse IP.
IP and IP-1: specified by
tables, has no impact on
security, due to the
implementation in chips.
DES Encryption
DES Round Structure
DES Round
Structure
0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15
0
14 4 13 1 2 15 11 8 3 10 6 12 5 9 0 7
1
0 15 7 4 14 2 13 1 10 6 12 11 6 5 3 8
2 4 1 14 8 13 6 2 11 15 12 9 7 3 10 5 0
3 15 12 8 2 4 9 1 7 5 11 3 14 10 0 6 13
• At each round: 21 13 5 28 20 12 4
• efficiency
– can do parallel encryptions
– in advance of need
– good for bursty high speed links
• random access to encrypted data blocks
• provable security (good as other modes)
• but must ensure never reuse key/counter
values, otherwise could break (cf OFB)
Summary
• have considered:
– block cipher design principles
– DES
• details
• strength
– Differential & Linear Cryptanalysis
– Modes of Operation
• ECB, CBC, CFB, OFB, CTR